GHSA-w7cq-j9p9-hm3m

Source
https://github.com/advisories/GHSA-w7cq-j9p9-hm3m
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w7cq-j9p9-hm3m/GHSA-w7cq-j9p9-hm3m.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-w7cq-j9p9-hm3m
Aliases
  • CVE-2014-8152
Published
2022-05-13T01:05:55Z
Modified
2024-04-12T22:02:23.227558Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Improper Input Validation in Apache Santuario XML Security
Details

Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document.

Database specific
{
    "nvd_published_at": "2015-01-21T18:59:00Z",
    "cwe_ids": [
        "CWE-20"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-06T21:02:07Z"
}
References

Affected packages

Maven / org.apache.santuario:xmlsec

Package

Name
org.apache.santuario:xmlsec
Purl
pkg:maven/org.apache.santuario/xmlsec

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
2.0.3

Affected versions

2.*

2.0.0
2.0.1
2.0.2